UK Pulls Back on Security Endorsement of Huawei – Warns of New Risks

A UK government oversight board has published a report into Huawei’s broadband and mobile infrastructure equipment, suggesting that it can only offer “limited assurance” that the company doesn’t pose any threat to national security. The annual report from the Huawei Cyber Security Evaluation Centre (HCSEC) oversight board says that it has concerns with the company’s software engineering processes and the possible threats it could make UK telecommunication networks vulnerable to.

The report says that the company needs to do “significant work” to manage these risks.

Today’s report [PDF] comes after the Chinese phone maker had to deal with similar concerns in the United States with most of the intelligence agencies in the country warning against buying the company’s products. Huawei remains the world’s largest producer of telecom equipment and supplies broadband and mobile network equipment to both the UK and the US.

In its own statement, the company acknowledged that there were “areas for improvements.” In a statement, the company spokesperson said that the firm is “grateful for this feedback” and is “committed to addressing these issues.”

“Cybersecurity remains Huawei’s top priority, and we will continue to actively improve our engineering processes and risk management systems.”

Considering its massive presence, the HCSEC was created in 2010 in the UK for the government to keep an eye on Huawei. The oversight board reportedly includes a senior executive from Huawei and representatives from various levels of government, security, and the telecom industry.

The report said that the watchdog was disappointed with Huawei’s lack of progress in fixing the issues identified in the past. It also added that the HCSEC has “identified shortcomings in Huawei’s engineering processes” that have “exposed new risks in the UK telecommunication networks and long-term challenges in mitigation and management.”

“[It was] identified that not all components are managed through this process and, in particular, security critical third-party software used in a variety of products was not subject to sufficient control.”

According to BBC, the oversight board has previously published three annual reports with all of them suggesting that any risks posed by Huawei to the country’s national security were mitigated. However, now with the US and Australia following a similar approach to dealing with threats to the critical infrastructure, the UK is also saying that Huawei is falling short in doing enough to get a green signal to use its equipment in critical areas.

The report concluded that “due to areas of concern exposed through the proper functioning of the mitigation strategy and associated oversight mechanisms, the Oversight Board can provide only limited assurance that all risks to UK national security from Huawei’s involvement in the UK’s critical networks have been sufficiently mitigated.”